CVE-2025-23318
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-08-12
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | triton_inference_server | to 25.07 (exc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| microsoft | windows | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-805 | The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Python backend of the NVIDIA Triton Inference Server for Windows and Linux. It allows an attacker to cause an out-of-bounds write, which means the attacker can write data outside the intended memory boundaries. This can lead to serious issues such as executing arbitrary code, causing the server to crash (denial of service), tampering with data, or disclosing sensitive information.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to execute arbitrary code on the affected system, disrupt service by causing denial of service, alter or tamper with data, and disclose sensitive information. This can compromise the integrity, availability, and confidentiality of the system and its data.